Modern smart communications devices, such as cellular phones, personal digital assistants (“PDAs”), iPads® (a trademark of Apple Inc.), smartphones, mobile payment systems, e.g., point of sale systems (wired and wireless), mobile healthcare systems, handheld law enforcement systems, or other types of tablet devices (hereinafter, collectively, “mobile smart devices”), allow users to execute an entire range of commercial transactions, which require users to enter authentication credentials into the devices. Additionally, company and personal data can be repeatedly and permanently stored and modified on these devices. Some organizations allow authorized mobile device users to remotely access the entire corporate file structure.
Mobile smart devices are used by increasing numbers of children and minors. When used legitimately, these mobile smart devices can help a family communicate and manage complex schedules. As such, mobile smart devices provide an important safety link for children to enable them to call home in emergencies, etc.
Some of the most current mobile smart devices provide children and adults with access to a nearly unlimited variety of fun and/or developmental games. With regard to children, there are very real and well documented risks associated with mobile smart devices because children can be exploited by potential predators and other people who pose risks. These risks include, but are not limited to, children being given access to age-inappropriate content and, more dangerously, through games or social networking services, means for luring them to provide personal data or enter into inappropriate communications. The ease of installing applications, the unlimited sources and supplies of applications, and the challenge of guaranteeing authenticity or legitimacy of applications make it nearly impossible to confidently contend that one's children are safely using their mobile smart devices.
When a mobile smart device downloads an application, that mobile smart device trusts the marketplace to verify the application does not include malware or other types of viruses. However, counterfeit versions of applications, such as counterfeit versions of the application “Angry Birds®” (a trademark of Rovio Mobile Oy Corporation), fail in this regard. As such, if a malware author creates a counterfeit group of applications, all of which include malware or other types of viruses, the damage to the devices, including mobile smart devices, on which they are downloaded, could be substantial.
Further, developers and publishers of applications that are downloaded to mobile smart devices have the expectation that the devices onto which their applications are downloaded are authorized mobile smart devices. If not, it provides an opportunity for attackers to impersonate an authorized mobile smart device to improperly obtain access to downloadable applications for unauthorized purposes.
The specific risks for mobile smart devices are both well documented and increasing. Mobile “botnets,” pieces of malware running on mobile smart devices that facilitate the participation of these devices in illicit activities, such as stealing data and unwittingly participating in coordinated attacks, have been in existence since at least 2009. Exploits against Android™ (a trademark of Google Inc.), Windows Mobile® (a trademark of Microsoft Corporation), and iPhones® (a trademark of Apple Inc.) are published regularly. For the purposes of the present invention, an “exploit” is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Exploits include, but are not limited to, things that will facilitate activities such as gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
The mobile smart device industry has tended to mirror the desktop industry with regard to the compromise of mobile security devices. In this context, it is understood by mobile smart device users that their devices can be compromised and, in this light, what they want to know is how to detect when the device is compromised and how to significantly reduce the risk of compromise.
With the advent of the increased amount of confidential data and information being stored on mobile smart devices, there is a much greater risk of attackers seeking to surreptitiously gain access to these devices to obtain this information and data.
There are companies that have attempted to combat some of the security risks discussed above. One company, Lookout, Inc., has indicated it is developing a virus scanning application for mobile devices based on signature-based scanning. However, the personal computer market has proven the futility of the signature-based scanning approach. This approach has two basic problems.
The first problem is that the signature-based scanning approach relies on software interfaces to the applications and operating systems (“OS”) to receive information about the data on the computer. However, it has become known that these types of dependencies can render the protection of applications useless. This is because a sophisticated attack program, such as those commonly referred to as “root-kits,” can subvert the OS itself and in turn “lie” to a virus scanner when the scanner requests potentially compromising information.
The second problem with the signature-based scanning approach is that it relies on cryptographic signatures of known malicious code in order to determine what to declare as a virus. The obvious problem with this approach is the system has no way of finding or quarantining malicious code that it has not already been told is malicious. As such, signature-based malware detection is generally believed to be incapable of keeping up with the development of malicious software, exploits, and emerging attack vectors.
Another company, Fixmo, Inc., has taken a software approach in the form of a desktop product that snapshots what is stored on a mobile device, e.g., a BlackBerry® (a trademark of Research in Motion Limited), and compares it with a previous snapshot. This approach, however, is not portable (mobile), is inconvenient, and is not designed for mass marketing.
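The second problem with signature-based scanning, set beside the snapshot comparison just described, as an added example that is not part of the original text: SHA-256 digests stand in for the “signatures,” and the file paths and byte strings are constructed, inert placeholders. Both functions assume the file contents are read faithfully, which is exactly what the first problem (a subverted OS) puts in doubt.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, inert byte strings standing in for file contents.
KNOWN_SAMPLE = b"constructed-sample-already-catalogued"
NEW_VARIANT = b"constructed-sample-not-yet-catalogued"

# Signature database: digests of code already declared malicious.
SIGNATURES = {digest(KNOWN_SAMPLE)}

def signature_scan(files: dict, signatures: set) -> list:
    """Return paths whose contents match a known signature."""
    return sorted(p for p, data in files.items() if digest(data) in signatures)

def take_snapshot(files: dict) -> dict:
    """Record a digest per path so a later state can be compared to it."""
    return {p: digest(data) for p, data in files.items()}

def compare_snapshots(previous: dict, current: dict) -> dict:
    """Report every path that appeared, disappeared, or changed contents."""
    shared = previous.keys() & current.keys()
    return {
        "added": sorted(current.keys() - previous.keys()),
        "removed": sorted(previous.keys() - current.keys()),
        "modified": sorted(p for p in shared if previous[p] != current[p]),
    }

# Hypothetical device contents at the previous snapshot and now.
BASELINE_FILES = {
    "/system/bin/launcher": b"launcher v1",
    "/data/app/game.apk": b"game v1",
}
CURRENT_FILES = {
    "/system/bin/launcher": b"launcher v1 + injected bytes",
    "/data/app/game.apk": b"game v1",
    "/data/app/known.apk": KNOWN_SAMPLE,
    "/data/app/variant.apk": NEW_VARIANT,
}

if __name__ == "__main__":
    # The scan reports only the catalogued sample; the variant and the
    # altered launcher show up only in the snapshot comparison.
    print(signature_scan(CURRENT_FILES, SIGNATURES))
    print(compare_snapshots(take_snapshot(BASELINE_FILES),
                            take_snapshot(CURRENT_FILES)))
```

The snapshot comparison reports change, not malice: a legitimate update to the launcher would appear under "modified" in the same way, so its output still needs review.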
From the point of view of carriers, e.g., AT&T Wireless and Verizon Wireless, the problems and risks discussed above drive up the real economic cost of customer support. Labor hours in retail stores and online are being spent to help customers troubleshoot their mobile smart devices. As mobile smart devices become even “smarter” and more complex, there will be a greater number of possible ways for something to go wrong with them. Currently, troubleshooting is a labor-intensive proposition for carriers: it does not produce extra sales, and it takes away from the time employees have to generate sales.
Currently, there is not an easy and efficient way to scan a mobile smart device for malware and other viruses. The usual approach is to connect the mobile smart device to a laptop or desktop computer to perform such scans. Further, these scans must be carried out with the active participation of the computer user.
Typically, the time during which a mobile smart device is being charged is dead time with respect to its user being able to use the device, because it is tethered to a socket or computer by a charging cord. Further, mobile smart devices are almost totally unusable when they are being charged using a charging pad. This is why many people charge these devices at night or when they know they do not need to use them. It would be very advantageous to be able to use the charging time more efficiently and conduct malware and virus scans while the mobile smart device is being charged.
There is a need for a system and method that enables bidirectional trust between downloaded applications and the mobile smart devices onto which these applications are downloaded, so that the mobile smart device can trust that the downloaded applications are authentic and the downloaded applications can trust that the mobile smart device is authorized to download them. There also is a need for an inexpensive mobile device that can be used for charging a mobile smart device and that, while charging, scans for and identifies malware and other viruses that are on the mobile device.